Severe Vulnerabilities reported in Ray Open Source Framework for AI/ML
Take action: If you are using the Anyscale Ray framework, lock it inside a trusted network. Even then, be aware, and communicate to others, that you remain vulnerable to exploits, since an attacker can enter the network through other vectors. AI systems, especially those that accept arbitrary input, present a very large attack surface, and you need to consider them very carefully.
On November 28, 2023, researchers raised concerns about serious security vulnerabilities in Ray, a widely used open source framework designed for scaling artificial intelligence (AI) and machine learning (ML) tasks. These flaws, if exploited, could severely compromise the framework's security, allowing attackers unprecedented access and control.
The vulnerabilities affect versions 2.6.3 and 2.8.0 of the framework.
Anyscale has not yet taken any action to rectify these vulnerabilities and considers them irrelevant, arguing that Ray is intended for use in strictly controlled network environments, a stipulation mentioned in its documentation.
Ray, integral to AI and ML operations in various large-scale enterprises, is now under scrutiny for three major, unaddressed security flaws. They pose a significant risk, especially for organizations with Ray instances accessible via the Internet or local networks. If Ray is deployed in cloud environments like AWS, attackers could potentially access privileged IAM credentials.
The security gaps could potentially allow attackers to gain control over the operating system of all nodes in a Ray cluster, execute remote code, and elevate privileges.
CVE-2023-48023: Remote Code Execution (RCE) due to Missing Authentication
This vulnerability is classified as a Remote Code Execution (RCE) issue. RCE vulnerabilities allow an attacker to run arbitrary code on a victim's machine from a remote location.
CVE-2023-48022: Server-Side Request Forgery (SSRF) in Ray Dashboard API Leading to RCE
CVE-2023-6021: Insecure Input Validation Enabling Remote Attackers to Execute Malicious Code
Anyscale's documentation emphasizes the importance of deploying Ray in controlled network environments, highlighting the framework's expectation of operating in secure networks and handling trusted code. It advises developers to be mindful of this when building applications with Ray.